similar to: RE: Shorewall and an inline IDS (snort-inline orhogwash)

Is anyone using an inline IDS like hogwash or snort-inline to drop packets in a system running shoreline? I _think_ I see how to configure it, but I''d be really interested in finding a howto or something... Thanks! Mike- -- Mornings: Evolution in action. Only the grumpy will survive. -- Please note - Due to the intense volume of spam, we have installed site-wide spam filters at

You are awesome!!!! -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom Eastep Sent: Wednesday, March 30, 2005 9:11 AM To: Mailing List for Shorewall Users Subject: Re: [Shorewall-users] Shorewall and an inline IDS (snort-inlineorhogwash) Tom Eastep wrote: > Thibodeau, Jamie L. wrote: >

This is probably a stupid question, but I''m stumped. Practically every time my firewall boots (not often, but still) eth0 and eth1 exchange places (internet and intranet). How do I lock them down? SuSE 9.2, Shorewall 2.2.3. Thanks! Mike- -- Mornings: Evolution in action. Only the grumpy will survive. -- Please note - Due to the intense volume of spam, we have installed site-wide

Plus I would like to let you know that it works like a charm. Snort can now see those packets. -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Thibodeau, Jamie L. Sent: Wednesday, March 30, 2005 9:25 AM To: Mailing List for Shorewall Users Subject: RE: [Shorewall-users] Shorewall and an inline

I have a server running SuSE 9.3 (Samba 3.0.13-1.1). The underlying filesystem is xfs, and the NICs are Netgear gigabit. 2 Gb of ram in a P4/3.0 Ghz. The workstations are windows XP Pro, with all service packs installed, on P4 3+ Ghz, 1-2 Gb of ram. (varies a bit by workstation) I have one particular tree on the server that contains over 12K files in a few hundred subdirs. Breaking it up

Question to the list, Has anyone here had experience using Shorewall (multi-isp configuration) with Snort inline? First, is this possible? Second, if anyone has done this, what documentation, if any did they use to set it up? Third, does snort have to run inline on a firewall (I''m under the impression it does)?

hello list, i''ve set up shorewall and snort inline on a linux box. it works, but snort only sees traffic from new connections. and this is because shorewall automatically generates rules to accept established and related connections. how can i force shorewall to queue everything, so that snort can scan the hole traffic like in IDS mode. The setup i have now is really simple, just 2 zones

I cannot even start troubleshooting until I buy a clue. What does "Can't become connected user" mean? It shows up fairly often. Aside from happening when I try to access a share, there's no pattern that I can see. ---------- 6 11:34:40 badlands smbd[20524]: [2005/11/06 11:34:40, 0] smbd/service.c:make_connection_snum(577) Nov 6 11:34:40 badlands smbd[20524]: Can't

Dear all, I''m setting up a new gateway for a small network (under 30 users)Gw will host the following services:shorewalldnsproxy i''m considering installing snort.can i do so on the same exact box ? is there any security risk of doing so ? box would have 4 ISPs and two internal interfaces. Any recommendation about the optimal setup of snort and shorewall (or if you suggest

Hello all: I tried to install snort under /usr/ports/security and have some problems. with "make all", I checked every item on the menu but I got error messages: ////////////////////////////// laptop# make all ===> snort-2.8.1_1 is marked as broken: FLEXRESP2 patch file does not incorporate cleanly. *** Error code 1 Stop in /usr/ports/security/snort.

I figured that someone reading this list might want to take a look at the proceeding, considering that the version of Snort in FreeBSD ports -is- affected. -----Forwarded Message----- > From: CERT Advisory <cert-advisory@cert.org> > To: cert-advisory@cert.org > Subject: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors > Date: 17 Apr 2003 11:30:47 -0400

I want to use snort inline for ips and imq for bandwidth shaping When i have inserted imq module ip_queue module insertion giving error Is it possible to use both at the same time -- Failure seldom stops you. What stops you is the fear of failure. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

I've been prowling through the FreeBSD and Snort list archives in search of information on setting up snort on a FreeBSD bridge(4) that logs to a remote postgres box via a third interface (hme0) Snort is being started with the following command: /usr/local/bin/snort -A full -D -e -d -s -i fxp0 -c /usr /local/etc/snort.conf Where fxp0 and fxp1 are in the bridge output from sysctl:

Hi all, I need to monitor all traffic and block bad requests on my guest machines and also on my xen host. To accomplish this I think to install snort on my dom0 host (rhel5). Somebody have tried this? What about performance on guests?? Many thanks ... -- CL Martinez carlopmart {at} gmail {d0t} com _______________________________________________ Xen-users mailing list

Dear Friends, I need to know, if RPM SNORT on repository DAG include option flexresp. Thanks Adriano

Hi Everyone, Can anyone confirm if a xen based domU can be used for snort setup? It is not for commercial use, rather just SOHO use. Regards, dot.yet _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users

Hi Everyone, Can anyone confirm if a xen based domU can be used for snort setup? It is not for commercial use, rather just SOHO use. Regards, dot.yet _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users

Hi All, I am facing a problem when using ULOG daemon and SNORT (inline mode) with iptables. My set up is like this. 1. I need ULOG daemon to log firewall logs to MYSQL database. 2. I need SNORT in inline mode for intrusion prevention. Both can work fine induvidually with iptables. But ULOG daemon cannot work when SNORT is also running. Probably the reason is that snort also hooks to

Hi, I''m new to the list, but have been through the documentation, archives, etc. looking for more info... I''ve been using shorewall 1.3.14 for a few months now, has been working well from day one. I''m also using it with dshield (submitting logs and using the block list). I''m thinking of adding snort-inline to the mix (I run apache and postfix on the same box,

FYI Kris ----- Forwarded message from Kris Kennaway <kris@FreeBSD.org> ----- X-Original-To: kkenn@localhost Delivered-To: kkenn@localhost.obsecurity.org Delivered-To: kris@freebsd.org Delivered-To: ports-committers@freebsd.org From: Kris Kennaway <kris@FreeBSD.org> Date: Thu, 17 Apr 2003 14:45:03 -0700 (PDT) To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org,